[Samba] Running SQL Server xp_logininfo with Samba PDC
Jason
lst-samba at jupiterone.net
Sun Nov 3 20:14:14 MST 2013
We have set up Samba 4.1 as a PDC. We have successfully connected several
Windows 2008 Servers to the domain and created various users/groups.
During an application installation on the Windows server, it runs the
command in SQL Server:
master..xp_logininfo 'MYDOMAIN\useraccount'
SQL Server is running as a service user created on the domain (here called
MYDOMAIN).
This returns:
Msg 15404, Level 16, State 19, Procedure xp_logininfo, Line 64
Could not obtain information about Windows NT group/user
'DOMAIN\useraccount', error code 0x5.
In the security log on Windows it has:
An account failed to log on.
Subject:
Security ID: MYDOMAIN\SQLService
Account Name: SQLService
Account Domain: MYDOMAIN
Logon ID: 0x1063d
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006e
Sub Status: 0xc000006e
Process Information:
Caller Process ID: 0x52c
Caller Process Name: C:\Program Files\Microsoft SQL
Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
In the Samba Log on the PDC it gives the following messages:
[2013/11/04 14:05:12.684946, 4]
../source4/dsdb/repl/drepl_notify.c:463(dreplsrv_notify_schedule)
dreplsrv_notify_schedule(5) scheduled for: Mon Nov 4 14:05:18 2013 EST
[2013/11/04 14:05:17.693823, 4]
../source4/dsdb/repl/drepl_notify.c:463(dreplsrv_notify_schedule)
dreplsrv_notify_schedule(5) scheduled for: Mon Nov 4 14:05:23 2013 EST
[2013/11/04 14:05:17.839450, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2013/11/04 14:05:17.840862, 5]
../auth/gensec/gensec_start.c:649(gensec_start_mech)
Starting GENSEC mechanism schannel
[2013/11/04 14:05:17.887505, 3]
../libcli/auth/schannel_state_tdb.c:181(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/SERVERNAME
[2013/11/04 14:05:17.927963, 3]
../source4/rpc_server/dcerpc_server.c:963(dcesrv_request)
Warning: 60 extra bytes in incoming RPC request
[2013/11/04 14:05:17.945518, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ SQLService at AD.MYDOMAIN.COM.AU from ipv4:
172.17.1.20:61630 for
SQLService\@AD.MYDOMAIN.COM.AU at AD.MYDOMAIN.COM.AU[canonicalize,
renewable, forwardable]
[2013/11/04 14:05:17.956953, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: s4u2self SQLService at AD.MYDOMAIN.COM.AU impersonating
sodadm at MYDOMAIN to service SQLService\@AD.MYDOMAIN.COM.AU at AD.MYDOMAIN.COM.AU
[2013/11/04 14:05:17.957371, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Principal may not act as server -- SQLService\@
AD.MYDOMAIN.COM.AU at AD.MYDOMAIN.COM.AU
[2013/11/04 14:05:17.972537, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:172.17.1.20:61630
[2013/11/04 14:05:17.990408, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
[2013/11/04 14:05:17.990922, 5]
../source4/lib/messaging/messaging.c:554(imessaging_cleanup)
imessaging: cleaning up /opt/samba4/private/smbd.tmp/msg/msg.1370.34
[2013/11/04 14:05:17.991117, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
[2013/11/04 14:05:18.136571, 5]
../source4/winbind/wb_irpc.c:144(wb_irpc_get_idmap)
wb_irpc_get_idmap called
[2013/11/04 14:05:18.136706, 5]
../source4/winbind/wb_sids2xids.c:43(wb_sids2xids_send)
wb_sids2xids_send called
[2013/11/04 14:05:18.161368, 5]
../source4/winbind/wb_irpc.c:176(wb_irpc_get_idmap_callback)
wb_irpc_get_idmap_callback called
[2013/11/04 14:05:18.161647, 5]
../source4/winbind/wb_sids2xids.c:83(wb_sids2xids_recv)
wb_sids2xids_recv called
[2013/11/04 14:05:18.198764, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
Our smb.conf is currently:
# Global parameters
[global]
workgroup = MYDOMAIN
realm = AD.MYDOMAIN.COM.AU
netbios name = GATEWAY
server role = active directory domain controller
dns forwarder = 8.8.8.8
interfaces = eth1 lo
log level = 5
bind interfaces only = yes
[netlogon]
path = /opt/samba4/var/locks/sysvol/ad.mydomain.com.au/scripts
read only = No
[sysvol]
path = /opt/samba4/var/locks/sysvol
read only = No
I have replicated the exact same application installation using a Windows
Server PDC and it worked successfully.
Does anyone have any suggestions on things I can try?
Regards,
Jason
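
Added example, not part of the original message: a Python sketch that splits a Samba log like the one quoted above into entries and returns each KDC reply that failed to build, paired with the Kerberos line logged just before it. The function names are illustrative, the sample is constructed from entries in the post, and accepting the source location on the header line is an assumption about how an unwrapped Samba log looks.

```python
import re

# Constructed sample: entries copied from the log quoted in the post,
# with the mail archive's line wrapping left as it appears there.
SAMPLE = r"""[2013/11/04 14:05:17.840862, 5]
../auth/gensec/gensec_start.c:649(gensec_start_mech)
Starting GENSEC mechanism schannel
[2013/11/04 14:05:17.957371, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Principal may not act as server -- SQLService\@
AD.MYDOMAIN.COM.AU at AD.MYDOMAIN.COM.AU
[2013/11/04 14:05:17.972537, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed building TGS-REP to ipv4:172.17.1.20:61630
"""
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\S+\.c:\d+\((\w+)\)$")

def parse_entries(text):
    """Split a Samba log into dicts: time, level, func (C function), msg."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": None, "msg": ""})
            line = m.group(3)  # assumption: location may share the header line
        line = line.strip()
        if not entries or not line:
            continue
        cur = entries[-1]
        loc = LOCATION.match(line)
        if loc and cur["func"] is None:
            cur["func"] = loc.group(1)
        else:  # message text; wrapped lines are rejoined with a space
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return entries

def kdc_failures(entries):
    """Return (time, preceding Kerberos message or None, failure message)."""
    kdc = [e for e in entries if e["msg"].startswith("Kerberos:")]
    return [(e["time"], kdc[i - 1]["msg"] if i else None, e["msg"])
            for i, e in enumerate(kdc) if "Failed building" in e["msg"]]

if __name__ == "__main__":
    for when, reason, failure in kdc_failures(parse_entries(SAMPLE)):
        print(when, "|", reason, "|", failure)
```
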